Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #3358586 by godotislate, kala4ek, jaswinsingh, benjifisher, creact, catch, simohell, alexpott, alfthecat, aaronbauman, rupertj, poker10: RuntimeException: Adding non-existent permissions to a role is not allowed 

(cherry picked from commit 0348fc5148)
merge-requests/10915/head
Alex Pott 2025-01-08 09:04:38 +00:00
parent 0e3d2d669d
commit 2d4b89e51d
No known key found for this signature in database
GPG Key ID: BDA67E7EE836E5CE
2 changed files with 35 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
core/modules/user/src/Entity/Role.php
View File

@ -207,10 +207,15 @@ class Role extends ConfigEntityBase implements RoleInterface {
$valid_permissions = array_intersect($this->permissions, array_keys($permission_definitions));
$invalid_permissions = array_diff($this->permissions, $valid_permissions);
if (!empty($invalid_permissions)) {
throw new \RuntimeException('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "' . implode('", "', $invalid_permissions) . '".');
\Drupal::logger('user')->error('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', [
'@label' => $this->label(),
'@id' => $this->id(),
'@permissions' => implode(', ', $invalid_permissions),
]);
$this->permissions = $valid_permissions;
}
foreach ($valid_permissions as $permission) {
// Depend on the module that is providing this permissions.
// Depend on the module that is providing this permission.
$this->addDependency('module', $permission_definitions[$permission]['provider']);
// Depend on any other dependencies defined by permissions granted to
// this role.

33
core/modules/user/tests/src/Kernel/UserRoleEntityTest.php
View File

@ -4,8 +4,11 @@ declare(strict_types=1);
namespace Drupal\Tests\user\Kernel;
use Drupal\Core\DependencyInjection\ContainerBuilder;
use Drupal\Core\Logger\RfcLogLevel;
use Drupal\KernelTests\KernelTestBase;
use Drupal\user\Entity\Role;
use Symfony\Component\ErrorHandler\BufferingLogger;
/**
* @group user
@ -18,6 +21,16 @@ class UserRoleEntityTest extends KernelTestBase {
*/
protected static $modules = ['system', 'user', 'user_permissions_test'];
/**
* {@inheritdoc}
*/
public function register(ContainerBuilder $container): void {
parent::register($container);
$container
->register(BufferingLogger::class)
->addTag('logger');
}
public function testOrderOfPermissions(): void {
$role = Role::create(['id' => 'test_role', 'label' => 'Test role']);
$role->grantPermission('b')
@ -37,17 +50,27 @@ class UserRoleEntityTest extends KernelTestBase {
$role = Role::create(['id' => 'test_role', 'label' => 'Test role']);
// A single permission that does not exist.
$this->expectException(\RuntimeException::class);
$this->expectExceptionMessage('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "does not exist".');
$role->grantPermission('does not exist')
->save();
$log_message = \Drupal::service(BufferingLogger::class)->cleanLogs()[0];
$this->assertSame(RfcLogLevel::ERROR, $log_message[0]);
$this->assertSame('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', $log_message[1]);
$this->assertSame('Test role', $log_message[2]['@label']);
$this->assertSame('test_role', $log_message[2]['@id']);
$this->assertSame('does not exist', $log_message[2]['@permissions']);
// A multiple permissions that do not exist.
$this->expectException(\RuntimeException::class);
$this->expectExceptionMessage('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "does not exist, also does not exist".');
// Multiple permissions that do not exist.
$role->grantPermission('does not exist')
->grantPermission('also does not exist')
->save();
$log_message = \Drupal::service(BufferingLogger::class)->cleanLogs()[0];
$this->assertSame(RfcLogLevel::ERROR, $log_message[0]);
$this->assertSame('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', $log_message[1]);
$this->assertSame('Test role', $log_message[2]['@label']);
$this->assertSame('test_role', $log_message[2]['@id']);
$this->assertSame('does not exist, also does not exist', $log_message[2]['@permissions']);
$permissions = $role->getPermissions();
$this->assertEmpty(array_intersect(['does not exist', 'also does not exist'], $permissions));
}
public function testPermissionRevokeAndConfigSync(): void {